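The mk-docker-opts.sh script writes the Pod subnet information allocated to flanneld into the /run/flannel/docker file; when docker starts later, it uses the environment variables in this file to configure the docker0 bridge;
flanneld communicates with other nodes through the interface that holds the system default route; on nodes with several network interfaces (for example internal and public), use the -iface parameter to specify the interface, such as the eth0 interface above;
flanneld requires root privileges to run;

Configure Docker to start with the specified subnet, on all Node nodes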
vim /usr/lib/systemd/system/docker.service

[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target firewalld.service
Wants=network-online.target

[Service]
Type=notify
EnvironmentFile=/run/flannel/subnet.env
ExecStart=/usr/bin/dockerd $DOCKER_NETWORK_OPTIONS
ExecReload=/bin/kill -s HUP $MAINPID
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
TimeoutStartSec=0
Delegate=yes
KillMode=process
Restart=on-failure
StartLimitBurst=3
StartLimitInterval=60s

[Install]
WantedBy=multi-user.target

Copy the flanneld systemd unit files to all nodes
cd /data/soft/
scp -P 12525 -r kubernetes www@192.168.0.7:/data/soft/
scp -P 12525 -r kubernetes www@192.168.0.8:/data/soft/
scp -P 12525 /data/soft/kubernetes/cfg/flanneld www@192.168.0.7:/data/soft/kubernetes/cfg/flanneld
scp -P 12525 /data/soft/kubernetes/cfg/flanneld www@192.168.0.8:/data/soft/kubernetes/cfg/flanneld
scp /usr/lib/systemd/system/docker.service 192.168.0.7:/usr/lib/systemd/system/docker.service
scp /usr/lib/systemd/system/docker.service 192.168.0.8:/usr/lib/systemd/system/docker.service
scp /usr/lib/systemd/system/flanneld.service 192.168.0.7:/usr/lib/systemd/system/flanneld.service
scp /usr/lib/systemd/system/flanneld.service 192.168.0.8:/usr/lib/systemd/system/flanneld.service

Start the services on the Node nodes
systemctl daemon-reload
systemctl start flanneld
systemctl enable flanneld
systemctl restart docker

Check whether the flannel network has taken effect

node1 output:

ip add
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:16:3e:00:e9:96 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.7/24 brd 192.168.0.255 scope global dynamic eth0
       valid_lft 290352654sec preferred_lft 290352654sec
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:9d:2d:f5:46 brd ff:ff:ff:ff:ff:ff
    inet 172.18.39.1/24 brd 172.18.39.255 scope global docker0
       valid_lft forever preferred_lft forever
4: flannel.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN group default
    link/ether 0e:4e:b2:09:66:59 brd ff:ff:ff:ff:ff:ff
    inet 172.18.39.0/32 scope global flannel.1
       valid_lft forever preferred_lft forever

node2 output:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:16:3e:00:1a:5b brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.8/24 brd 192.168.0.255 scope global dynamic eth0
       valid_lft 290352443sec preferred_lft 290352443sec
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:0c:6d:3f:30 brd ff:ff:ff:ff:ff:ff
    inet 172.18.98.1/24 brd 172.18.98.255 scope global docker0
       valid_lft forever preferred_lft forever
4: flannel.1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN group default
    link/ether 86:2f:59:3b:1f:88 brd ff:ff:ff:ff:ff:ff
    inet 172.18.98.0/32 scope global flannel.1
       valid_lft forever preferred_lft forever

Make sure docker0 and flannel.1 are in the same subnet.

To test connectivity between nodes, access the docker0 IP of another Node from the current node.
# ping 172.17.58.1
PING 172.17.58.1 (172.17.58.1) 56(84) bytes of data.
64 bytes from 172.17.58.1: icmp_seq=1 ttl=64 time=0.263 ms
64 bytes from 172.17.58.1: icmp_seq=2 ttl=64 time=0.204 ms

You can also create a container on each Node and test whether the containers can communicate normally, using the following command:
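docker run -it busybox sh

Start a container on each node and ping from one to the other,
making sure the pings succeed across the whole network.
If they get through, Flannel has been deployed successfully. If not, check the logs with journalctl -u flanneld, and check whether port forwarding is enabled on the Node.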
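
The docker0/flannel.1 comparison above can be scripted. This is an added example, not part of the original article: it parses `ip -o -4 addr show` output, the function names are hypothetical, and the two sample listings are constructed (the first from the node1 output above, the second assuming docker kept its default 172.17.0.1/16 bridge because it never read the flannel environment file).

```shell
#!/bin/sh
# Added example: confirm docker0 sits inside the subnet flanneld leased.
# On a real node: check_node "$(ip -o -4 addr show)"

# Convert a dotted-quad IPv4 address to an integer.
ip4_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Print the inet CIDR of interface $1 found in the `ip -o -4 addr` text $2.
iface_cidr() {
    printf '%s\n' "$2" | awk -v dev="$1" '$2 == dev && $3 == "inet" { print $4; exit }'
}

# Succeed if address $2 lies inside the network described by CIDR $1.
in_network() {
    prefix=${1#*/}
    net=$(ip4_to_int "${1%/*}")
    addr=$(ip4_to_int "${2%/*}")
    mask=$(( (4294967295 << (32 - prefix)) & 4294967295 ))
    [ $(( net & mask )) -eq $(( addr & mask )) ]
}

# Print OK, MISMATCH or MISSING for one node's address listing.
check_node() {
    d=$(iface_cidr docker0 "$1")
    f=$(iface_cidr flannel.1 "$1")
    if [ -z "$d" ] || [ -z "$f" ]; then echo MISSING; return 1; fi
    if in_network "$d" "$f"; then echo OK; else echo MISMATCH; return 1; fi
}

# Constructed sample: node1 from the article, in `ip -o -4 addr` layout.
NODE1='3: docker0    inet 172.18.39.1/24 brd 172.18.39.255 scope global docker0
4: flannel.1    inet 172.18.39.0/32 scope global flannel.1'

# Constructed sample: docker0 still on the docker default bridge range.
STALE='3: docker0    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
4: flannel.1    inet 172.18.39.0/32 scope global flannel.1'

echo "node1: $(check_node "$NODE1")"
echo "stale: $(check_node "$STALE")"
```

A MISMATCH result means docker was started without the options generated by flanneld, so check the EnvironmentFile path in docker.service and restart docker after flanneld.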

Deploy the master node

The kubernetes master node runs the following components:
kube-apiserver
kube-scheduler
kube-controller-manager